[c-nsp] protecting router MAC addresses

Church, Chuck cchurch at netcogov.com
Wed Oct 13 07:33:52 EDT 2004


Lee,

	Is the first phone being put in a voice VLAN (i.e. dynamically
creating a trunk via CDP)?  If so, what is the second daisy-chained
phone doing, since it's plugged in a probably set as access (non-trunk),
but trying to trunk as well.  Perhaps these tagged frames coming from
the 2nd phone are causing some confusion on the 6500.  Maybe try turning
off voice vlan support on those daisy-chained phones?  5.x code is
pretty old to be handling voice VLAN stuff, maybe a later 6.x release
would work better.  Or a mac-address access-list.  HTH.


Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Netco Government Services - Design & Implementation Team
1210 N. Parker Rd.
Greenville, SC 29609
Home office: 864-335-9473
Cell: 703-819-3495
cchurch at netcogov.com  <-note new address!
PGP key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x4371A48D
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
lee.e.rian at census.gov
Sent: Wednesday, October 13, 2004 7:04 AM
To: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] protecting router MAC addresses



> > We've had a couple of times recently where Cisco IP phones
daisy-chained
> > together get into a state where they echo frames back to the switch.
Once
> > that happens the switch learns the router MAC address on the user
port
&
> > traffic meant for the router is black-holed.  It finally happened on
a
> > switch running 5.x code & we got a lot of these syslog messages
>
>     Isn't this is sort of a problem that spanning tree is designed to
solve?
> Enabling spanning tree or bpduguard on your access ports should solve
the

> problem I think... if I understood well what you meant by "daisy
chained"
IP
> phones...

We do have spanning tree enabled on all vlans.  We don't have bpduguard
enabled & that sounds like something worth doing.  But I don't know if
enabling bpduguard would prevent the problem or not - we haven't been
able
to recreate the problem.  By "daisy chained" I mean
switch == phone == phone == phone
so spanning tree shouldn't make any difference since there's no loop

Thanks,
Lee


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list